From da28b13545de00a62b08207be281ae6b5a8f12de Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Fri, 1 Mar 2019 16:17:45 -0700
Subject: [PATCH] Update FederationController
---
 app/Http/Controllers/FederationController.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php
index 9ff70c20b..77665e40c 100644
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@@ -199,9 +199,16 @@ XML;
 $body = $request->getContent();
 $bodyDecoded = json_decode($body, true, 8);
 $signature = $request->header('signature');
+ $date = $request->header('date');
 if(!$signature) {
 abort(400, 'Missing signature header');
 }
+ if(!$date) {
+ abort(400, 'Missing date header');
+ }
+ if(!now()->parse($date)->gt(now()->subDays(1)) || !now()->parse($date)->lt(now()->addDays(1))) {
+ abort(400, 'Invalid date');
+ }
 $signatureData = HttpSignature::parseSignatureHeader($signature);
 $keyId = Helpers::validateUrl($signatureData['keyId']);
 $id = Helpers::validateUrl($bodyDecoded['id']);
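Review bot: `now()->parse($date)` in the added freshness check runs on a request header that has not been authenticated yet, so a malformed value raises an exception inside the parser instead of reaching `abort(400, 'Invalid date')`, and the header is parsed twice. Parsing once inside a try/catch and comparing the result against the window keeps every bad value on the 400 path. The parser also accepts free-form and relative date strings, so a fixed HTTP-date format would be stricter if all federating peers send one. The check limits replay only if the signature verified later covers the `date` header; that verification is presumably in the part of this method outside the hunk and is worth confirming, along with whether a one-day window in each direction is wider than clock skew requires.

```php
// … unchanged: signature and date header presence checks …
try {
    $sentAt = now()->parse($date);
} catch (\Exception $e) {
    abort(400, 'Invalid date');
}
if(!$sentAt->between(now()->subDays(1), now()->addDays(1), false)) {
    abort(400, 'Invalid date');
}
// … unchanged: parseSignatureHeader and validateUrl calls …
```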